COMPLETE AND INFINITE TRACES:
A  descriptive  model  of  computing  agents 


Kevin  S.  Van  Horn 
Department  of  Computer  Science 
California  Institute  of  Technology 
Pasadena,  CA  91125 


Abstract:  A  model  of  computing  agents  is  presented.  Computing  agents  are  modeled 
as  processes,  which  are  essentially  sets  of  traces  representing  possible  complete  sequences 
of  actions  performed  by  an  agent  and  its  environment.  Some  technical  difficulties  with 
infinite  traces  are  resolved,  with  the  result  that  one  may  take  the  parallel  composition  of 
any  countable  set  of  processes,  after  possibly  renaming  some  symbols. 

0.  Introduction 

One  indication  of  how  well  we  understand  some  phenomenon  is  our  ability  to  provide 
an  adequate  mathematical  model  of  it.  Such  a  model  provides  a  firm  basis  for  reasoning 
about  the  phenomenon;  in  its  absence  we  are  vulnerable  to  the  treacheries  of  informal 
reasoning,  and  we  are  severely  limited  in  our  ability  to  analyze  complex  instances  of  the 
phenomenon.  Computer  science,  as  distinguished  from  the  natural  sciences,  is  the  study  of 
phenomena  of  our  own  invention;  alas,  invention  does  not  necessarily  entail  comprehension. 
Adequate  mathematical  models  are  just  as  indispensable  for  computer  science  as  for  other 
disciplines.  In  this  paper  we  propose  a  general  model,  CIT  (Complete  and  Infinite  Traces), 
of  a  “phenomenon”  of  great  importance  in  computer  science:  computing  agents. 

The  motivation  for  developing  as  general  a  model  as  possible  is  a  desire  for  conceptual 
economy.  For  example,  many  different  approaches  to  concurrent  programming  have  been 
investigated, and many proposals have been put forth for the semantics of various concurrent
languages; wouldn’t it be nice if all of these could be described and reasoned about
within the same underlying mathematical framework? This would facilitate the introduction
of useful new programming constructs to a language without wreaking havoc with the
semantics. As an example, there have been a number of proposals for the denotational
semantics of CSP [7][1][2][3], and it is not obvious how they should be extended to include
Alain Martin’s probe function [4]. In addition, the ability to describe hardware systems
within  this  same  framework  would  help  to  further  erode  the  dichotomy  between  hardware 
and  software  and  aid  us  in  applying  the  same  reasoning  and  design  methods  to  both  kinds 
of  systems. 

What  is  a  computing  agent?  In  one  view,  a  computing  agent  is  something  that  takes  an 
input  and  produces  as  output  some  function  of  it.  This  is  the  view  taken  in  the  traditional 
denotational  semantics  of  sequential  programming  languages.  An  imperative  program  is 
considered  to  denote  a  function  from  an  initial  to  a  final  state,  and  a  functional  program 
is  considered  to  denote  a  function  on  some  domain.  Such  a  view  is  clearly  inadequate  for 
describing  hardware  devices  other  than  purely  combinational  logic,  and  is  too  simplistic 
even  for  describing  most  programs — except  in  scientific  computing,  few  useful  programs 
are  of  the  “give  me  an  input  and  I’ll  give  you  an  output”  variety. 

The  view  we  take  in  this  paper  is  this:  computing  agents  are  objects  which  may 
perform  various  actions,  thus  exhibiting  some  discrete  behavior,  and  this  behavior  may  be 
influenced  by  the  actions  of  other  agents.  In  the  case  of  a  digital  circuit  the  relevant  actions 
are  voltage  transitions.  A  computer  program  may  perform  such  actions  as  assigning  a  value 
to  a  variable,  initiating  a  CSP-style  communication  action,  or  writing  a  character  to  the 
user’s  screen,  and  may  respond  to  actions  such  as  the  user  hitting  a  key  on  the  keyboard. 

This  is  a  different  view  of  actions  (sometimes  referred  to  as  events)  than  is  taken  in 
models  such  as  Milner’s  CCS  [5]  or  Hoare,  Brookes,  and  Roscoe’s  failures  model  of  CSP  [2], 
in  which  actions  require  the  participation  of  more  than  one  agent.  Here  we  consider  every 
action  to  be  performed  by  some  single  agent.  A  CSP  communications  action  is  viewed  as 
two  actions,  one  performed  by  the  sender  and  the  other  by  the  receiver. 

An  action  performed  by  the  computing  agent  itself  is  an  output  action,  while  an  action 
performed  by  some  exterior  agent  is  an  input  action.  An  output  action  is  not  necessarily 
“seen”  by  any  external  agent;  it  may  be  an  internal  action.  There  is  an  essential  asymmetry 
between  input  actions  and  output  actions:  the  computing  agent  can  control  which  output 
actions  take  place,  but  has  no  control  over  input  actions.  This  asymmetry  is  the  reason 
for using the term “computing agent” instead of “computing system.” We wish to describe
the  behavior  of  some  object  which  will  be  made  to  interact  with  other  objects,  without 
knowing  a  priori  anything  about  the  behavior  of  those  other  objects. 

1.  Traces 

We  shall  use  traces  to  represent  sequences  of  actions.  It  is  assumed  that  the  reader 
has  had  some  exposure  to  formal  language  theory;  below  we  present  the  definitions  and 
notations  which  will  be  used  in  this  paper. 

A trace is a sequence of symbols taken from some alphabet, which is just a set of
symbols. The empty trace is denoted by $\epsilon$, and the trace of unit length formed from the
symbol $x$ is denoted $x\cdot$. The set of all finite traces formed from alphabet $A$ is written $A^*$,
the set of all infinite traces formed from $A$ is written $A^\omega$, and $A^\infty$ is just $A^* \cup A^\omega$.

The catenation of two traces $t$ and $u$ is written as the juxtaposition of the two, i.e. $tu$.
If $t$ is an infinite trace then $tu$ is undefined.

The length of a trace $t$ is written as $l(t)$; if $t$ is infinite, then $l(t) = \omega$. We write $\Phi(t)$
for “$t$ is finite.” We shall often omit the phrase $\Phi(t)$ when it is obvious from context.

A prefix of a trace is any finite initial subsequence of it. We write $t \le t'$ to mean “$t$ is
a prefix of $t'$”, i.e. $\Phi(t) \wedge (\exists u :: t' = tu)$. Note that $\le$ is a partial order on traces (except
that $t \le t$ doesn’t hold if $t$ is infinite).

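The set of prefixes of a trace $t$ is $\mathrm{pref}\, t = \{\, t' \mid t' \le t \,\}$. Note that $\mathrm{pref}\, t$ contains only
finite traces. For a set of traces $T$ we similarly define $\mathrm{pref}\, T = (\bigcup t : t \in T : \mathrm{pref}\, t)$. We
say that $T$ is prefix-closed if $\mathrm{pref}\, T \subseteq T$.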

A chain of traces is a set of finite traces $S$ s.t. $t \le t'$ or $t' \le t$ for all $t, t' \in S$. Every
chain of traces $S$ has a least upper bound, which we shall denote $\mathcal{L}(S)$; if $S$ is finite then
$\mathcal{L}(S)$ is just the maximum element of $S$, otherwise it is the unique infinite trace $t$ s.t.
$\mathrm{pref}\, t = \mathrm{pref}\, S$. Note that $\mathrm{pref}\, t$ is a chain for all traces $t$, and that $t = \mathcal{L}(\mathrm{pref}\, t)$.

Given a trace $t$ and trace set $T$, we define $\mathrm{next}(t, T)$ to be $\{\, a \mid ta\cdot \in \mathrm{pref}\, T \,\}$.

We write $t\#A$ for the number of occurrences of symbols from $A$ in $t$, and $t\#a$ for
$t\#\{a\}$ if $a$ is a symbol.

2.  Sequential  Processes 

The  mathematical  structure  which  we  will  use  to  model  a  computing  agent  is  called 
a  process.  A  process  is  essentially  a  set  of  traces  plus  an  input  and  an  output  alphabet. 
Each  symbol  in  the  output  alphabet  represents  some  action  which  the  agent  may  perform, 
and  each  symbol  in  the  input  alphabet  represents  some  external  action  which  may  affect 
the  agent.  We  consider  all  actions  to  be  instantaneous,  having  no  duration  in  time;  if  an 
“action”  actually  does  have  some  nonzero  duration,  we  will  model  it  by  two  actions,  one 
which  indicates  initiation  and  another  which  indicates  termination. 

We  assume  that  there  is  some  “starting  point” ,  some  point  in  time  before  which  neither 
the  computing  agent  nor  the  agents  interacting  with  it  perform  any  action.  We  can  then 
imagine  an  observer  who  is  present  from  the  starting  point  until  the  end  of  eternity,  and 
who  records  the  sequence  of  actions  (both  input  and  output)  which  are  performed.  This 
sequence  we  call  a  complete  history.  If  we  imagine  that  our  observer  gets  bored  after  a 
finite  amount  of  time  and  wanders  off,  the  sequence  he  records  we  call  a  partial  history, 
and  will  be  a  prefix  of  some  complete  history.  Every  complete  history  which  might  be 
recorded  by  our  imaginary  observer  must  be  in  the  trace  set  of  the  process  describing  the 
computing  agent  in  question. 

By  using  traces  this  way  we  implicitly  assume  that  no  two  distinct  actions  may  occur 
at  exactly  the  same  time;  one  always  precedes  the  other,  even  if  the  time  separating  them 
is  too  small  to  be  measured.  This  is  justifiable  since,  for  the  systems  we  will  consider,  only 
a  finite  number  of  actions  may  occur  within  a  finite  interval  of  time,  and  this  finite  interval 
contains an uncountably infinite number of points.

The process modeling a computing agent must include in its trace set any sequence of
actions  which  we  cannot  guarantee  will  not  occur,  given  our  knowledge  of  the  computing 
agent.  Thus  it  could  happen  that,  upon  further  investigation,  we  will  find  that  some 
element  of  the  trace  set  is  not  a  possible  complete  history  at  all.  For  example,  the  trace 
set  may  indicate  that  two  concurrent  actions  a  and  b  may  occur  in  either  order,  whereas 
the  actual  operation  of  the  agent  may  be  such  that  a  will  always  occur  before  b.  If  the 
trace  set  contains  elements  which  are  not  in  reality  possible  complete  histories,  our  model 
may  be  inadequate,  but  as  long  as  the  trace  set  contains  every  possible  complete  history, 
we  will  consider  the  process  to  be  a  correct  model  of  the  computing  agent. 

It  is  evident  that  not  all  sets  of  traces  are  valid  representations  of  the  behavior  of  some 
computing  agent.  For  example,  suppose  that  t  is  some  possible  partial  history;  furthermore, 
suppose  that  when  the  sequence  of  actions  t  has  occurred  the  next  action  that  occurs  must 
be an input action, i.e. for all $a$ s.t. $ta\cdot$ is a partial history, $a$ is an input action. Then
t  is  a  possible  complete  history,  since  the  required  input  action  may  never  occur,  and  so 
t  must  be  in  the  trace  set.  In  addition,  as  is  often  the  case,  strange  things  happen  at 
infinity.  There  are  mathematical  difficulties  with  parallel  composition  when  infinite  traces 
are  allowed.  There  are  also  conceptual  difficulties — if  an  infinite  sequence  of  actions  can 
never  be  observed  in  its  entirety,  what  does  an  infinite  trace  mean?  Obviously,  an  infinite 
trace  must  represent  some  sort  of  limit  of  finite  behavior.  The  question  then  becomes, 
when  should  the  l.u.b.  of  an  infinite  chain  of  partial  histories  be  included  in  the  trace  set, 
and  when  should  it  not? 

In  order  to  simplify  the  task  of  characterizing  the  valid  sets  of  traces,  we  assume  that 
any  process  is  either  a  sequential  process  or  may  be  formed  from  the  parallel  composition 
of  a  number  of  sequential  processes,  where  a  sequential  process  is  one  which  may  model 
an  agent  that  performs  its  output  actions  one  at  a  time.  Note  that  the  input  actions  of 
such  an  agent  may  occur  concurrently  with  each  other  and  with  the  output  actions. 

In this section we will examine sequential processes. For the rest of this section, $I$ and
$O$ will be resp. the input and output alphabets of the sequential process in question, and
we will write $A$ for $I \cup O$.

If $T$ is the trace set of a process, and $t$ is a partial history, then $\mathrm{next}(t, T)$ (see section 1)
is the set of all possible next actions after the sequence $t$ has occurred. Since the agent
has no control over its input actions, any input action may occur at any time. Hence we
give the following requirement on the trace set $T$ of a sequential process:

R1: $I \subseteq \mathrm{next}(t, T)$ for all $t \in \mathrm{pref}\, T$

A  sequential  computing  agent  is  excited  or  enabled  at  some  point  in  time  if  it  is  about 
to  perform  an  output  action,  and  we  can  guarantee  that  if  no  input  action  interferes,  some 
output action will occur. If $t$ is the sequence of actions which have occurred up to this
point in time, we say that the agent is enabled at $t$. For example, an inverter with a 0
value at both input and output is enabled: it is about to perform a transition from 0 to 1
on the output, and is guaranteed to do so unless there is a transition from 0 to 1 on the
input  line  first.  Note  that  t  cannot  be  a  complete  history  if  the  agent  is  enabled  at  t. 

The  operation  of  a  sequential  agent  may  be  viewed  as  follows.  At  any  point  in  time, 
either  the  agent  is  not  enabled  and  it  may  be  that  no  more  actions  will  ever  be  performed, 
or  the  agent  is  enabled  and  will  eventually  either  be  disenabled  by  some  input  action  or 
nondeterministically  choose  one  of  its  possible  next  output  actions  and  perform  it.  Note 
that  this  is  not  in  general  an  appropriate  view  of  the  operation  of  an  agent  which  comprises 
several  concurrently  operating  components.  With  these  ideas  in  mind  we  can  now  say  what 
the infinite complete histories should be for a sequential agent. Given any prefix-closed
chain $S$ of partial histories, $\mathcal{L}(S)$ is a complete history provided that whenever $s \in S$ and
the agent is enabled at $s$, there is some $su \in S$ s.t. either the agent is not enabled at $su$
or $u\#O > 0$. Note that if $S$ is finite then this says that $\mathcal{L}(S)$ is a complete history iff the
agent is not enabled at $\mathcal{L}(S)$.

We  now  formalize  these  ideas  as  a  requirement  for  sequential  processes. 

Definition: Given $T \subseteq A^\infty$ and $t \in \mathrm{pref}\, T$,

$\mathrm{en}_O(t, T) \iff t \notin T \wedge \mathrm{next}(t, T) \cap O \neq \emptyset$

When there is no ambiguity we will simply write $\mathrm{en}(t, T)$. If $T$ is the trace set of a sequential
process then $\mathrm{en}(t, T)$ is true if the agent modeled is enabled at $t$.

Definition: We say that $S$ is a proper chain of $T \subseteq A^\infty$, denoted $S \;\mathrm{chainof}_O\; T$, iff $S$ is a
prefix-closed chain and $S \subseteq \mathrm{pref}\, T$ and

$(\forall s : s \in S \wedge \mathrm{en}(s, T) : (\exists u : su \in S : \neg\mathrm{en}(su, T) \vee u\#O > 0))$

When  there  is  no  ambiguity  we  will  simply  write  S  chainof  T.  A  proper  chain  is  intended 
to  be  the  prefix  set  of  a  possible  complete  history. 

Definition: Given $T \subseteq A^\infty$, the completion of $T$ is

$T^{cp} = \{\, \mathcal{L}(S) \mid S \;\mathrm{chainof}\; T \,\}$

It is easily shown that $\mathrm{pref}\, T = \mathrm{pref}\, T^{cp}$ and $(T^{cp})^{cp} = T^{cp}$ and $T \cap A^* \subseteq T^{cp} \cap A^*$. If
$T = T^{cp}$ we say that $T$ is complete. Note that there may be some infinite traces of $T$ which
are not in $T^{cp}$. We then require that the trace set of a sequential process be complete:

R2: $T = T^{cp}$

As we will see in the next section, requirements R1 and R2 on sequential processes relieve
the difficulties with parallel composition when infinite traces are allowed.

Note. This completeness requirement is analogous to Soundararajan’s completeness
[3]  and  Back’s  closedness  [8]  requirements,  with  the  difference  that,  due  to  the  input-output 
dichotomy,  we  do  not  take  the  limit  of  every  chain  of  partial  histories. 

We  may  wish  to  say  that  the  future  behavior  of  an  agent  after  a  certain  sequence  of 
actions  t  has  occurred  is  utterly  unknown.  There  may  be  several  reasons  for  this.  It  may  be 
that  the  occurrence  of  an  input  action  at  the  wrong  time  may  cause  something  disastrous 
to  happen,  such  as  a  flip-flop  going  metastable  (in  which  case  the  behavior  may  no  longer 
be  considered  discrete) ,  or  a  dazzling  display  of  pyrotechnics  if  we  have  a  circuit  designed 
by a member of the Screenwriter’s Guild. It may be that we are truly ignorant of what
the  future  behavior  might  be  after  the  sequence  t  has  occurred.  Or  it  may  be  that  we  do 
not  wish  to  consider  what  the  future  behavior  might  be.  In  addition,  having  an  explicit 
notion  of  “utterly  unknown”  or  “undefined”  is  useful  in  applying  this  theory  to  recursive 
programming  language  semantics  (a  topic  to  be  covered  in  a  future  paper.)  If  the  future 
behavior  of  a  sequential  agent  is  unknown  after  t  has  occurred,  we  say  that  the  agent  (resp. 
the  process  modeling  it)  is  broken  at  t. 

So in addition to $T$, which gives the possible complete histories for our computing
agent, we have a set $U \subseteq T$ giving the traces at which the agent is broken. We call $U$ the
breakage set. We place some restrictions on what $U$ can be. First of all, if the agent is
broken at $t$ then after $t$ anything may happen, thus $tu \in T$ for all $u \in A^\infty$, and since the
agent stays broken once it breaks, $tu \in U$ also. Secondly, since the agent may be broken
at $t$ only if $t$ is finite, the only infinite traces in $U$ should be those required by the previous
rule.

Definition: Given $U \subseteq A^\infty$, the convex closure of $U$ is

$U^{cc} = \{\, tu \in A^\infty \mid t \in U \wedge \Phi(t) \,\}$

Note that $(U^{cc})^{cc} = U^{cc}$. If $U = U^{cc}$ we say that $U$ is convex. Note that $U = U^{cc}$ is
equivalent to

$(\forall t, u : t \in U \wedge \Phi(t) \wedge u \in A^\infty : tu \in U) \wedge (\forall t : t \in U : (\exists t' : t' \le t : t' \in U))$

We then require that $U$, the set of traces at which the process is broken, be convex:

R3: $U = U^{cc}$

Note.  This  convexity  requirement  is  similar  to  Soundararajan’s  convexity  [3]  and 
Back’s  flatness  [8]  requirements. 

Note that requirement R1 made the introduction of breakage sets into our model
necessary. In other models, such as trace theory [9] [10], no breakage set is required because
processes are not required to satisfy R1. In these models R1 is not used either because
there is no distinction between input and output actions or because the trace set is regarded
as  a  specification  of  the  allowed  behavior  of  both  the  agent  and  its  environment.  In  the 
latter  case  there  are  consistency  or  “composability”  requirements  which  must  be  satisfied 
to  allow  the  parallel  composition  of  two  processes.  This  is  undesirable  for  a  descriptive 
model;  we  would  like  to  be  able  to  do  the  parallel  composition  of  any  set  of  processes 
with disjoint output alphabets. As we shall see, requirements R1 and R2 on sequential
processes  are  sufficient  to  allow  this. 

With  these  conditions  we  can  now  give  the  formal  definition  of  a  sequential  process. 

Definition: A sequential process is a tuple $S = (I, O, T, U)$ such that

a. $I$ and $O \neq \emptyset$ are disjoint alphabets called the input and output alphabets of $S$
respectively.

b. $U \subseteq T \subseteq (I \cup O)^\infty$ and $T \neq \emptyset$.

c. R1 holds: $I \subseteq \mathrm{next}(t, T)$ for all $t \in \mathrm{pref}\, T$.

d. R2 holds: $T = T^{cp}$.

e. R3 holds: $U = U^{cc}$.

For such an $S$ we define

$aS = I \cup O$, $iS = I$, $oS = O$,

$tS = T$, $uS = U$, $pS = \mathrm{pref}\, T$

Example 2.1: A C-element is a digital circuit with two inputs and one output. A
“transition” refers to a change from high to low or from low to high voltage on a wire. A
C-element waits for transitions to occur at both of its inputs, and then performs a transition
at its output. If two input transitions occur without an output transition separating them,
we can’t say just what will happen. Letting $a$ and $b$ represent transitions on the inputs
and $c$ a transition on the output, we model a C-element as the sequential process

$(\{a, b\}, \{c\}, T \cup U, U)$ where

$T = S^* \{a\cdot, b\cdot, \epsilon\} \cup S^\omega$

$S = \{\, a\cdot b\cdot c\cdot,\; b\cdot a\cdot c\cdot \,\}$

$U = \{\, tx\cdot \mid x \in \{a, b\} \wedge t \in \mathrm{pref}\, T \wedge t\#x > t\#c$

($S^*$ is the set of traces formed by catenating together any finite sequence of elements from
$S$, and $S^\omega$ is the set of traces formed by catenating any infinite sequence of elements from
$S$. For two sets of traces $R_1$ and $R_2$, $R_1R_2$ is $\{\, tu \mid t \in R_1 \wedge u \in R_2 \,\}$.)
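An added illustration, not part of the paper: Example 2.1's C-element on finite traces, with a trace written as a string over a, b, c. It assumes the breakage set is closed under convex closure as R3 requires (a trace stays broken once it breaks); the function names and the four labels are hypothetical. The classifier is checked against sets built directly from the definitions of T and pref T, and against R1 and the definition of en.

```python
from itertools import product

INPUTS, OUTPUTS = "ab", "c"
S = ("abc", "bac")              # the two orders of one full C-element cycle


def classify(trace):
    """Classify a finite trace of the C-element.

    'impossible' : not in pref(T ∪ U)
    'broken'     : in the breakage set U (and so is every extension)
    'enabled'    : partial history with the output c pending
    'quiescent'  : finite complete history in T, waiting for inputs
    """
    seen = {"a": 0, "b": 0, "c": 0}
    for x in trace:
        if x in INPUTS:
            if seen[x] > seen["c"]:         # t#x > t#c before this input
                return "broken"
        elif not (seen["a"] > seen["c"] and seen["b"] > seen["c"]):
            return "impossible"             # c without both inputs
        seen[x] += 1
    pending = seen["a"] > seen["c"] and seen["b"] > seen["c"]
    return "enabled" if pending else "quiescent"


def s_star(max_len):
    """All members of S* of length <= max_len."""
    words, frontier = [""], [""]
    while frontier:
        frontier = [w + c for w in frontier for c in S
                    if len(w) + 3 <= max_len]
        words += frontier
    return words


def finite_T(max_len):
    """Finite members of T = S*{a, b, ε} ∪ S^ω, straight from the definition."""
    return {w + tail for w in s_star(max_len) for tail in ("", "a", "b")
            if len(w + tail) <= max_len}


def pref_T(max_len):
    """Members of pref T of length <= max_len."""
    return {w[:k] for w in s_star(max_len + 3)
            for k in range(min(len(w), max_len) + 1)}


def next_actions(trace):
    """next(t, T ∪ U) for a partial history t."""
    return {x for x in INPUTS + OUTPUTS
            if classify(trace + x) != "impossible"}


def mismatches(max_len=6):
    """Traces on which classify() disagrees with the definitions."""
    bad = []
    T, P = finite_T(max_len), pref_T(max_len)
    for n in range(max_len + 1):
        for t in map("".join, product("abc", repeat=n)):
            kind = classify(t)
            ok = (kind == "quiescent") == (t in T)
            ok &= (kind in ("quiescent", "enabled")) == (t in P)
            if kind != "impossible":
                nxt = next_actions(t)
                ok &= set(INPUTS) <= nxt                     # R1
                # en(t): t is not a complete history and an output can follow
                ok &= (kind == "enabled") == (
                    kind != "broken" and t not in T and "c" in nxt)
            if not ok:
                bad.append(t)
    return bad
```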

Example 2.2: Let $S$ model a set-reset flip-flop, where both the inputs and the output
are initially low. When the flip-flop is set, the set signal must not be removed until
the output is high, and when it is reset, the reset signal must not be removed until the
output is low, otherwise the flip-flop may go metastable. In addition, the set and reset
signals should never be simultaneously high. Let $r$, $s$, and $q$ represent transitions on the
reset line, set line, and output respectively. Defining $A = \{r, s, q\}$, we can define $S$ as

$(\{s, r\}, \{q\}, T \cup U, U)$ where

$T = \{\, t \in A^\infty \mid \forall v : v \le t : (h(r,v) \wedge h(q,v) \vee h(s,v) \wedge l(q,v)) \Rightarrow vq\cdot \le t \,\}$

$U = (U_1 \cup U_2)^{cc}$

$U_1 = \{\, tr\cdot \mid t \in \mathrm{pref}\, T \wedge (h(r,t) \wedge h(q,t) \vee l(r,t) \wedge h(s,t)) \,\}$

$U_2 = \{\, ts\cdot \mid t \in \mathrm{pref}\, T \wedge (h(s,t) \wedge l(q,t) \vee l(s,t) \wedge h(r,t)) \,\}$

$h(x,t) \iff \mathrm{odd}(t\#x)$

$l(x,t) \iff \neg h(x,t)$

Example 2.3: Suppose we have a coroutine which, in a neverending cycle, waits to
be passed an integer $x$, then passes back $x * n$ where $n$ is the number of times it has been
called. We model this as the sequential process

$(I, O, T \cup U, U)$ where

$I = \{\, (i, x) \mid x \text{ is an integer} \,\}$

$O = \{\, (o, x) \mid x \text{ is an integer} \,\}$

$A = I \cup O$

$T = \{\, t \in A^\infty \mid \forall v, x : v \le t : v\#O \le v\#I \wedge (v(i,x)\cdot \le t \Rightarrow v(i,x)\cdot(o, x * (v\#I))\cdot \le t) \,\}$

$U = \{\, ty\cdot \mid y \in I \wedge t \in \mathrm{pref}\, T \wedge t\#I > t\#O$


3.  Parallel  Composition  and  General  Processes 

We  now  turn  our  attention  to  parallel  composition.  We  define  parallel  composition 
in  a  manner  analogous  to  that  used  in  trace  theory,  using  the  projection  operator.  The 
projection of a trace $t$ onto an alphabet $A$, written $t \lceil A$, is just $t$ with all symbols not in $A$
removed. For finite traces we define it as follows:

$\epsilon \lceil A = \epsilon$

$(a\cdot u) \lceil A = a\cdot(u \lceil A)$ if $a \in A$

$(a\cdot u) \lceil A = u \lceil A$ if $a \notin A$

If $T$ is a set of traces then $T \lceil A = \{\, t \lceil A \mid t \in T \,\}$. Noting that

$(\mathrm{pref}(t \lceil A) = \mathrm{pref}(t) \lceil A)$ and $(t \le t' \Rightarrow t \lceil A \le t' \lceil A)$

for all finite traces $t$ and $t'$, we see that $t \lceil A = \mathcal{L}(\mathrm{pref}(t) \lceil A)$ for all finite $t$. So for infinite
traces $t$ we define

$t \lceil A = \mathcal{L}(\mathrm{pref}(t) \lceil A)$

The parallel composition of a set of processes models the computing agent that is the
aggregate  of  the  computing  agents  modeled  by  the  elements  of  the  set.  It  is  meaningful  to 
form  the  parallel  composition  of  a  set  of  processes  as  long  as  the  set  is  composable,  which 
for a set of sequential processes $K$ means that $K$ is countable and

$(\forall S, S' : S, S' \in K : oS \cap oS' = \emptyset \vee S = S')$

This  just  says  that  we  have  been  consistent  in  assigning  symbols  to  represent  actions, 
and  have  not  used  one  symbol  to  represent  two  kinds  of  actions  performed  by  distinct 
computing  agents.  Note  that  K  may  be  an  infinite  set.  The  reason  for  this  is  that  in 
some  concurrent  languages  processes  may  be  created  “on  the  fly.”  We  can  model  this  by 
assuming  that  all  processes  which  might  be  created  already  exist,  but  are  quiescent  until 
“awakened”  by  the  parent  process.  Since  we  may  not  wish  to  put  an  upper  bound  on  the 
number  of  such  processes,  it  is  convenient  to  pretend  we  have  an  infinite  number  of  them, 
of  which  all  but  a  finite  number  are  quiescent  at  any  moment,  just  as  we  often  pretend 
that  a  memory  allocator  has  infinite  memory  resources  to  draw  upon. 

A  moment’s  reflection  will  reveal  that  a  sequence  of  actions  is  a  possible  complete 
history  for  the  aggregate  of  a  collection  of  computing  agents  if  and  only  if  for  any  of 
the  agents,  upon  projecting  the  sequence  onto  the  set  of  actions  which  may  be  seen  or 
performed  by  that  agent  we  get  a  possible  complete  history  for  that  agent.  Hence  we 
define  the  parallel  composition  of  a  set  of  sequential  processes  as  follows. 

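Definition: Given a composable set $K$ of sequential processes, the parallel composition
of $K$ is

$(\| K) = (I, O, T, U)$ where

$O = (\bigcup S : S \in K : oS)$

$I = (\bigcup S : S \in K : iS) - O$

$T = \{\, t \in (I \cup O)^\infty \mid \forall S : S \in K : t \lceil aS \in tS \,\}$

$U = \{\, t \in T \mid \exists S : S \in K : t \lceil aS \in uS \,\}$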

Using  the  terminology  of  trace  theory,  we  will  often  call  the  parallel  composition  of  a 
set  of  processes  the  weave  of  the  processes.  We  then  define  a  process  to  be  anything  that 
is  the  weave  of  a  composable  set  of  sequential  processes. 

Definition: A process is a member of the class

$\mathcal{P} = \{\, \| K \mid K \subseteq \mathcal{S} \text{ and } K \text{ is composable} \,\}$

where $\mathcal{S}$ is the class of sequential processes. If $P$ is a process, then $aP$, $tP$, etc. are defined
just as for a sequential process. Note that only sequential processes are required to satisfy
R2 and R3, and processes in general may not satisfy R2 or R3.

For any sequential process $S$, $\{S\}$ is composable and $\|\{S\} = S$, and so $\mathcal{S} \subseteq \mathcal{P}$. We
define composability and the weave for general subsets of $\mathcal{P}$ just the same as for subsets
of $\mathcal{S}$. The question then arises as to whether the weave of a composable set of processes is
always a process. The answer is affirmative. We prove this beginning with the following
lemma.


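Lemma 3.1: Let $J$ be a countable set of countable subsets of $\mathcal{P}$ such that

$(\forall K, K', P, P' : K, K' \in J \wedge P \in K \wedge P' \in K' : oP \cap oP' = \emptyset \vee (K = K' \wedge P = P'))$

Then each $K \in J$, as well as $\bigcup J$ and $\{\, \|K \mid K \in J \,\}$, is composable, and

$\| \{\, \|K \mid K \in J \,\} = \| \bigcup J$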

Proof:  Simple  application  of  the  definitions.  □ 


Note that if we define the binary weave operator by $P \| Q = \|\{P, Q\}$ then binary weave
is commutative, and as a consequence of Lemma 3.1 it is also associative.


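Theorem 3.2: If $C$ is a composable subset of $\mathcal{P}$ then $\|C \in \mathcal{P}$.

Proof: For each $P \in C$ there is some composable set $K_P \subseteq \mathcal{S}$ such that $P = \|K_P$. Let
$J = \{\, K_P \mid P \in C \,\}$. It is easily seen that $J$ satisfies the requirements of the previous
theorem, hence

$\| \bigcup J = \| \{\, \|K \mid K \in J \,\} = \| \{\, \|K_P \mid P \in C \,\} = \| C$

Then since $\bigcup J \subseteq \mathcal{S}$ we have that $\|C \in \mathcal{P}$. □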


One of the problems in developing a trace-based theory of computing agents, which we
alluded to earlier, is ensuring that the weave always produces meaningful results. Suppose
we have a composable set $K \subseteq \mathcal{S}$ and a trace $t \in (\bigcup_{S \in K} aS)^*$ such that $t \lceil aS \in pS$ for all
$S \in K$. Since $t \lceil aS$ is a possible partial history of the agent modeled by $S$ for all $S \in K$,
we should expect $t$ to be a possible partial history of the aggregate of the agents modeled
by processes in $K$, i.e. we expect that $t \in p(\|K)$. If we place no restriction on the trace
sets of the elements of $K$, this will not in general be true. If our trace sets contain only
finite elements, it is not hard to find obvious conditions on the trace sets to make this hold
true. The importance of condition R2 (combined with R1) for sequential processes is that
it makes this hold true even if there are infinite traces in the trace set.


Theorem 3.3: For all composable sets $K \subseteq \mathcal{S}$,

$p(\|K) = \{\, t \in (\bigcup_{S \in K} aS)^* \mid \forall S : S \in K : t \lceil aS \in pS \,\}$

Proof: Let $T$ be the right-hand side of the above equality. It is obvious that $a(\|K) =
\bigcup_{S \in K} aS$ and that $p(\|K) \subseteq T$. It remains to show that every element of $T$ is an element
of $p(\|K)$. Given some $t \in T$, we show that $t \in p(\|K)$ by constructing a $t' \in t(\|K)$ such
that $t \le t'$, as follows:

First, for all natural numbers $i$ we define the sequence $\sigma_i = 0\cdot 1\cdot \cdots i\cdot$, and we define
the sequence $\tau = \sigma_0\sigma_1\sigma_2\cdots$. The $j$th element of $\tau$ is denoted $\tau[j]$. The sequence $\tau$ has the
important property that for all $j$ and $n$ there is some $k > j$ such that $\tau[k] = n$.

Enumerating the elements of $K$ as $S_0, S_1, \ldots$, we define a chain of traces $\{t_j\}_j$ by

a. $t_0 = t$

b. Given $t_j$, let $i = \tau[j]$. If $i \ge |K|$ or $N = \mathrm{next}(t_j \lceil aS_i, tS_i) \cap oS_i = \emptyset$ then $t_{j+1} = t_j$.
Otherwise $t_{j+1} = t_j a\cdot$ where $a$ is some element of $N$.

In other words, for each $j$, if $i = \tau[j] < |K|$ we look at $S_i$ and extend $t_j$ by some action
from $oS_i$ if possible to produce $t_{j+1}$. R1 ensures that $t_{j+1} \lceil aS_k \in pS_k$ for all $k$, since $oS_i$
and $oS_j$ are disjoint for all $j \neq i$. We then see that $\mathrm{pref}\{t_j \lceil aS_i\}_j \subseteq pS_i$ for all $i$. For all
$s \in \mathrm{pref}\{t_j \lceil aS_i\}_j$ there is some $u$ s.t.

$(su \in \mathrm{pref}\{t_j \lceil aS_i\}_j) \wedge (\mathrm{next}(su, tS_i) \cap oS_i = \emptyset \vee u\#oS_i > 0)$,

(due to the form of $\tau$) and hence $\mathrm{pref}\{t_j \lceil aS_i\}_j \;\mathrm{chainof}\; tS_i$. Thus $t'_i = \mathcal{L}\{t_j \lceil aS_i\}_j \in tS_i$
for all $i$, due to R2. Then if $t' = \mathcal{L}\{t_j\}_j$ we have that $t \le t'$ and $t' \lceil aS_i = t'_i \in tS_i$ for all $i$,
and hence $t' \in t(\|K)$. □
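An added illustration, not part of the paper: the schedule $\tau$ and steps a and b of the proof above, run for a bounded number of steps in Python. The `Relay` process (it answers every occurrence of its input symbol with one output symbol and never breaks), its `next_outputs` method, and the names `tau`, `schedule_prefix`, `project` and `extend` are hypothetical choices made for this sketch.

```python
from itertools import count, islice


def tau():
    """The schedule τ = σ_0 σ_1 σ_2 ..., where σ_i = 0 1 ... i.

    Every index n occurs again after any position j, so every process
    is given a turn infinitely often."""
    for i in count():
        yield from range(i + 1)


def schedule_prefix(n):
    """First n elements of τ."""
    return list(islice(tau(), n))


def project(trace, alphabet):
    """t⌈A for a finite trace: drop the symbols not in A."""
    return tuple(x for x in trace if x in alphabet)


class Relay:
    """Hypothetical sequential process with one input and one output symbol.

    It owes one `out` for every `inp` it has seen. Inputs are always
    accepted, so R1 holds and the breakage set is empty."""

    def __init__(self, inp, out):
        self.inp, self.out = inp, out
        self.alphabet = {inp, out}          # aS

    def next_outputs(self, local):
        """Plays the role of N = next(t⌈aS, tS) ∩ oS."""
        owed = local.count(self.inp) - local.count(self.out)
        return {self.out} if owed > 0 else set()


def extend(t, procs, steps):
    """Build t_0, t_1, ..., t_steps as in the proof.

    t_0 = t. At step j let i = τ[j]; if S_i exists and has a possible
    output after t_j⌈aS_i, append one, otherwise keep t_j unchanged."""
    t = tuple(t)
    chain = [t]
    for i in islice(tau(), steps):
        if i < len(procs):
            options = procs[i].next_outputs(project(t, procs[i].alphabet))
            if options:
                # "some element of N": min() only makes the choice repeatable
                t += (min(options),)
        chain.append(t)
    return chain


def is_chain(traces):
    """True if each trace is a prefix of the one that follows it."""
    return all(b[:len(a)] == a for a, b in zip(traces, traces[1:]))


def quiescent(t, procs):
    """True if no process has a pending output after t."""
    return all(not p.next_outputs(project(t, p.alphabet)) for p in procs)
```

With the pipeline `[Relay("a", "b"), Relay("b", "c")]` and the starting trace `("a",)`, six steps of the schedule are enough for the chain to reach `("a", "b", "c")`, after which neither relay is enabled and the limit is a finite complete history of both.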


Theorem 3.3a: (Corollary). For all composable sets $K \subseteq \mathcal{P}$,

$p(\|K) = \{\, t \in (\bigcup_{P \in K} aP)^* \mid \forall P : P \in K : t \lceil aP \in pP \,\}$

Proof: Follows from Lemma 3.1 and Theorem 3.3. □

A consequence of the above theorem is that $tP$ is nonempty for all $P \in \mathcal{P}$.

4.  Comparison  with  Trace  Theory  and  Directions  for  Further  Research 

There  are  a  number  of  differences  between  CIT  and  trace  theory  [9]  [10]  which  should 
be  pointed  out.  Whereas  CIT  is  intended  to  be  used  to  describe  and  aid  in  reasoning  about 
the  behavior  of  a  computing  agent,  trace  theory  is  generally  used  as  a  means  of  specifying 
acceptable  behavior  of  a  component  of  a  computing  system.  In  trace  theory  a  component 
is  modeled  by  a  trace  structure,  which  is  an  alphabet  plus  a  prefix-closed  set  of  finite 
traces  which  specifies  the  acceptable  partial  histories  of  the  interaction  of  a  component 
and its environment. A trace structure is then a specification of both a component and
its  environment,  whereas  a  CIT  process  is  a  description  of  the  behavior  of  a  computing 
agent  which  makes  no  assumptions  about  the  environment  in  which  the  agent  will  operate. 
Another  difference  is  that  trace  theory  deals  with  partial  histories  and  thus  specifies  only 
“safeness”  or  invariance  properties,  whereas  liveness  properties  may  be  discussed  in  the 
framework  of  CIT  due  to  the  use  of  complete  traces.  As  an  example,  suppose  that  for  some 
process $P$ we wish to say that if condition $\phi$ holds and continues to hold long enough, then
eventually condition $\psi$ will hold. We can write this as

$\forall t, s : s \le t \in tP \wedge \phi(s) : (\exists s' : s \le s' \le t : \neg\phi(s') \vee$

In  general,  how  do  we  specify  properties  that  we  wish  a  computing  agent  to  have?  We 
suggest  that  the  only  properties  of  a  process  P  which  are  really  interesting  for  the  purposes 
of  verification  are  properties  of  the  form 

$(\forall t : t \in uP : \exists t' : t' \le t :$


and

$(\forall t : t \in tP : \phi(t))$

This  suggests  that  perhaps  some  form  of  linear-time  temporal  logic  [6]  would  be  useful  in 
specifying  and  reasoning  about  CIT  processes. 

Another interesting area of research is the application of CIT to the semantics of concurrent
programming languages. Work is proceeding on the CIT-theoretic denotational
semantics of concurrent languages. This has required defining an appropriate approximation
ordering on sequential processes to allow recursive definitions. The denotational
semantics will then be used as a foundation from which to develop axiomatic semantics
and proof systems for these languages.